package hostsystem;

import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class Updateprofile extends HttpServlet {
	private static final long serialVersionUID = 1L;

	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
			throws IOException, ServletException {
		HttpSession session = req.getSession();
		if (session.getAttribute("islogin")==null) {resp.sendRedirect("login.html"); return;}
		String msg = null;
		String account_id = req.getParameter("account_id");
		String name = req.getParameter("name");
		String oldpassword = req.getParameter("oldpassword");
		String password = req.getParameter("password");
		String password1 = req.getParameter("password1");
		String epass=SetMD5.getMD5(oldpassword);
		//System.out.println("epass "+epass);
		// String type = req.getParameter("type");
		// String status = req.getParameter("status");

		Connection con = hostdb.getConnection();
		PreparedStatement ps = null;
		ResultSet rs = null;

		// make a password checking class
		try {
			ps = con.prepareStatement("select * from users where account_id=?");
			ps.setString(1, account_id);
			rs = ps.executeQuery();
		} catch (SQLException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		try {
			if (rs.next()) {
				if (rs.getString("password").equals(epass)) {
					if (password.equals(password1)) {
						//System.out.println("udate new password " + password);

						if (password.equals("") || password.equals(null)) {
							try {
								ps = con.prepareStatement("update users set name=? where account_id=?");
								ps.setString(1, name);
								ps.setString(2, account_id);
								//System.out.println("update : not change password");
							} catch (SQLException e) {
								// TODO Auto-generated catch block
								e.printStackTrace();
							}
						} else {

							try {
								ps = con.prepareStatement("update users set name=?, password=? where account_id=?");
								ps.setString(1, name);
								ps.setString(2, SetMD5.getMD5(password));
								ps.setString(3, account_id);
								//System.out.println("update : change password");
							} catch (SQLException e) {
								// TODO Auto-generated catch block
								e.printStackTrace();
							}
						}

						try {
							ps.executeUpdate();
							con.commit();
							ps.close();
							con.close();
						} catch (SQLException e) {
							// TODO Auto-generated catch block
							e.printStackTrace();
						}
						//req.setAttribute("name", name);
						msg = "profile updated!";
						//System.out.println("update " + msg);
						req.setAttribute("msg", msg);
						req.getRequestDispatcher("/msg.jsp").forward(req, resp);

					} else {
						try {
							ps.close();
							con.close();
						} catch (SQLException e) {
							// TODO Auto-generated catch block
							e.printStackTrace();
						}
						msg = "password not match!";
						//System.out.println("update" + msg);
						req.setAttribute("msg", msg);
						req.getRequestDispatcher("/msg.jsp").forward(req, resp);
					}
				} else {
					// wrong password
					ps.close();
					con.close();
					msg = "Wrong Password!";
					//System.out.println("update" + msg);
					req.setAttribute("msg", msg);
					req.getRequestDispatcher("/msg.jsp").forward(req, resp);
				}
			}
		} catch (SQLException e) {
			e.printStackTrace();
		}
	}
	protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
		resp.sendRedirect("login.html");
	}
}